The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Spitfire chief executive officer Paul Hynek was told by the company's credit card processor, Online Data, that the scam may have affected as many as 25 other companies.

Online Data president John Rante said that a total of 100,000 fraudulent credit card transactions were involved.

According to Hynek, Online Data approved more than 60,000 of the false charges, worth $5.07 (£3.30) each, on 12 September.

Online Data is a reseller of VeriSign's credit card payment gateway services, which performed the authorisations.

Although about $300,000 (£195,000) in charges were approved by VeriSign, the company stopped the transactions before they were completed, so no money was ever transferred to Spitfire, claimed Hynek. However, the authorisations let the thieves know that those credit cards were valid.

As soon as Online Data became aware of the problem, Rante said, the company worked closely with VeriSign to notify the credit card companies, which then deactivated the cards. Rante said the credit card companies are co-operating with federal authorities investigating the fraud.

If the scam had not been detected, Hynek said, thousands of dollars in fraudulent charges could have been racked up before cardholders became aware of any problem.

Spitfire, whose products include a talking toilet paper holder, learned of the scam when customers who noticed false charges on their accounts began calling the company, Hynek said.

Hynek, Rante and VeriSign spokesman Tom Galvin all said they believe thieves most likely got the credit card numbers by cracking the passwords of the affected merchants.

However, Dan Clements, a credit fraud expert with CardCops.com, disagreed. He said the card frauds may have exploited a hole in the customer database of a large Internet merchant that did not properly secure its Web site.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy